CVE-2018-14665

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2018-14665
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-10-25 20:29:00 UTC
Updated2019-10-22 23:15:00 UTC
DescriptionA flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Canonical Ubuntu Linux 18.10 All All All
Operating System Canonical Ubuntu Linux 16.04 All All All
Operating System Canonical Ubuntu Linux 18.04 All All All
Operating System Canonical Ubuntu Linux 18.10 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Redhat Enterprise Linux Desktop 7.0 All All All
Operating System Redhat Enterprise Linux Desktop 7.0 All All All
Operating System Redhat Enterprise Linux Server 7.0 All All All
Operating System Redhat Enterprise Linux Server 7.0 All All All
Operating System Redhat Enterprise Linux Server Aus 7.6 All All All
Operating System Redhat Enterprise Linux Server Aus 7.6 All All All
Operating System Redhat Enterprise Linux Server Eus 7.6 All All All
Operating System Redhat Enterprise Linux Server Eus 7.6 All All All
Operating System Redhat Enterprise Linux Server Tus 7.6 All All All
Operating System Redhat Enterprise Linux Server Tus 7.6 All All All
Operating System Redhat Enterprise Linux Workstation 7.0 All All All
Operating System Redhat Enterprise Linux Workstation 7.0 All All All
Application X.org Xorg-server All All All All
Application X.org Xorg-server All All All All

References

ReferenceSourceLinkTags
Software [in] Security: CVE-2018-14665 : Xorg X Server Vulnerabilities MISC www.securepatterns.com Exploit, Third Party Advisory
xorg-x11-server < 1.20.1 - Local Privilege Escalation - Linux local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
Xorg X11 Server SUID modulepath Privilege Escalation ≈ Packet Storm MISC packetstormsecurity.com
xorg-x11-server 1.20.3 - Privilege Escalation - OpenBSD local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
Debian -- Security Information -- DSA-4328-1 xorg-server DEBIAN www.debian.org Third Party Advisory
xorg-x11-server < 1.20.3 - Local Privilege Escalation - Multiple local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
X.Org Command Line Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges and Delete Arbitrary Files - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Xorg X11 Server (AIX) - Local Privilege Escalation - AIX local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
Xorg X11 Server Local Privilege Escalation ≈ Packet Storm MISC packetstormsecurity.com
1637761 – (CVE-2018-14665) CVE-2018-14665 xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation CONFIRM bugzilla.redhat.com Issue Tracking, Patch, Third Party Advisory
Xorg X11 Server - SUID privilege escalation (Metasploit) - Multiple local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation - Solaris local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
Red Hat Customer Portal REDHAT access.redhat.com Third Party Advisory
X.Org X Server: Privilege escalation (GLSA 201810-09) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
X.Org security advisory: October 25, 2018 MLIST lists.x.org Mitigation, Patch, Vendor Advisory
Disable -logfile and -modulepath when running with elevated privileges (50c0cf88) · Commits · xorg / xserver · GitLab CONFIRM gitlab.freedesktop.org Patch, Third Party Advisory
USN-3802-1: X.Org X server vulnerability | Ubuntu security notices UBUNTU usn.ubuntu.com Third Party Advisory
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation - Multiple local Exploit EXPLOIT-DB www.exploit-db.com Exploit, Third Party Advisory, VDB Entry
Disable -logfile and -modulepath when running with elevated privileges (8a59e3b7) · Commits · xorg / xserver · GitLab CONFIRM gitlab.freedesktop.org Patch, Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 500824 Alpine Linux Security Update for xorg-server
  • 710217 Gentoo Linux X.Org X Server Privilege escalation Vulnerability (GLSA 201810-09)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report